aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test/ssl_test_lib.erl
AgeCommit message (Collapse)Author
2013-09-02ssl: Handle signature_algorithm field in digitally_signed properlyIngela Anderton Andin
with proper defaults Added ssl_ECC_SUITE
2013-05-28ssl: Do not advertise EC ciphers if crypto support is insufficientIngela Anderton Andin
2013-05-20ssl, public_key, crypto: crypto:algorithms/0 -> crypto:supports/0Ingela Anderton Andin
2013-05-20ssl: Remove use of deprecated crypto functionsIngela Anderton Andin
2013-05-08ssl: Only send ECC-hello extension if ECC-cipher suites are advertisedIngela Anderton Andin
2013-05-08ssl: test case fixIngela Anderton Andin
2013-05-08ssl: Filter out ECC cipher suites when openssl is buggyIngela Anderton Andin
Even in "normal" (not explicitly ECC tests) cases we need to filter out ECC ciper suites as they are preferd.
2013-05-08ssl: ct:print -> ct:log and assert port_commandIngela Anderton Andin
2013-05-08ssl: Skip ECC cipher tests on versions of openssl pre 0.9.9Ingela Anderton Andin
EEC is not fully supported before 0.9.9. Also skip tests on opensslversions with known bugs in ECC support
2013-05-08SSL: add Elliptic Curve ciphers unit testsAndreas Schultz
2013-05-08SSL: filter TLS cipher suites for supported algorithmsAndreas Schultz
2013-04-12fix srp_anon ciphers suites requiring certificates to work.Andreas Schultz
This problem was not caught by the test suites since all PSK and SRP suites where always tested with certificates. Split those tests into test with and without certificates.
2013-03-28SSL: add tests for PSK and SRP ciphersAndreas Schultz
2013-02-20ssl: Fatal close alert makes more sense than handshake failiure at econnabortedIngela Anderton Andin
2013-02-18ssl: Further error handling enhancmentsIngela Anderton Andin
follow up enhancments done in commit e56167dd6ca8d37d26ea7f19933691a3bda41113 Make sure format_error return good strings. Replace confusing legacy atoms with more descriptive atoms.
2013-01-21ssl: Enhance error handlingIngela Anderton Andin
Remove filter mechanisms that made error messages backwards compatible with old ssl but hid information about what actually happened. This does not break the documented API however other reason terms may be returned, so code that matches on the reason part of {error, Reason} may fail.
2013-01-14ssl: ct:format should be ct:printIngela Anderton Andin
2013-01-11ssl: CTify test casesIngela Anderton Andin
2012-12-20ssl: Add test for gen_tcp with reuseaddr as referenceIngela Anderton Andin
2012-12-06ssl: Timeout handling changed so that the fsm-process will terminate if the ↵Ingela Anderton Andin
ssl:ssl_accept/[2,3] or ssl:connect/[3,4] timeout expires. Add missing function clause to handle timeout during handshake. The missing clause had the effect that the timeout was wrongly discarded. Also add an extra test case for the recv timeout in addition to the one in ssl_packet_SUITE. The missing functions clause was introduced in 8a789189. This commit changed the timeout implementation, the previous implememtation could cause other type of problems as the timeout was client side.
2012-08-29Merge branch 'ta/docsmaint' into maintHenrik Nord
* ta/docsmaint: Fix various doc typos for R15B02 Fix various code typos for R15B02 OTP-10245
2012-08-22ssl: Add crypto support check (TLS 1.2 require sha256 support)Ingela Anderton Andin
2012-08-22ssl: Run relevant tests for all SSL/TLS versionsIngela Anderton Andin
2012-07-05Fix various doc typos for R15B02Tuncer Ayaz
2011-11-28Send ssl_closed notification to active ssl user when a tcp error occursIngela Anderton Andin
2011-11-28Send ssl_closed notification to active ssl user when a tcp error occursIngela Anderton Andin
2011-11-23Implementation of 1/n-1 splitting countermeasure Rizzo/Duong-BeastIngela Anderton Andin
The code is refactored and improved to make it easier to insert the 1/n-1 splitting countermeasure Rizzo/Duong-Beast that is really done in one function clause in ssl:record_split_bin/3
2011-11-01Added PKCS-8 support in sslIngela Anderton Andin
2011-06-01The clean up of the session table now works as intended.Ingela Anderton Andin
In ssl-4.1.5 temporary clean-up processes would crash resulting in that the session table would not be cleaned up (e.i. using more and more memory) and error reports would be printed, but connections would not be affected.
2011-03-11Update copyright yearsBjörn-Egil Dahlberg
2011-03-07Add the option { hibernate_after, int() } to ssl:connect and ssl:listenJeroen Koops
When making an SSL connection (either as client or as server), the process implementing the connection may use as much as hundreds of kilobytes of memory, even when idle. This is problematic for any application maintaining more than just a few SSL connections. This patch introduces the option { hibernate_after, int() } to the ssl:connect and ssl:listen functions, making the SSL connection process go into hibernation after the specified number of milliseconds of inactivity. This will reduce the memory used by the process to just a few hundred bytes, making applications with thousands or more SSL connections feasible, as long as most of the connections are idle for most of the time (which is typically the case). The approach of making the process go into hibernation only after some time of inactivity was chosen because hibernation incurs some CPU usage, and it is therefore not desirable for a process to hibernate after each call.
2010-12-16Cache invalidation and consistent user closingIngela Anderton Andin
Added cache invalidation control of ssl certificates so that sessions will not be reused if file content is changed. There was a glitch in ssl:close that made it possible to to get eaddrinuse even though reuseadder-option was used. Also improved tests for better user-close handling.
2010-12-16Cache invaldation first version does not break old test casesIngela Anderton Andin
2010-10-07Anonymous cipher suitesIngela Anderton Andin
For testing purposes ssl now also support some anonymous cipher suites when explicitly configured to do so. Also moved session cache tests to its own suite, so that timeout of end_per_testcase when the mnesia is used as session cache will not affect other test cases.
2010-09-01Empty certificate chainIngela Anderton Andin
Handling of unkown CA certificats was changed in ssl and public_key to work as intended. In the process of doing this some test cases has been corrected as they where wrong but happened to work together with the incorrect unknown CA handling.
2010-08-31Add tests for crypto RC4 bugIngela Anderton Andin
Changed test so that the test cases testing all different ciphers also sends data so that that the calls to crypto cipher functions are also tested.
2010-08-24Merge branch 'ia/public_key_api/OTP-8722' into devIngela Anderton Andin
* ia/public_key_api/OTP-8722: Revise the public_key API Resolved, version is now 0.8. Conflicts: lib/public_key/vsn.mk
2010-08-23Revise the public_key APIIngela Anderton Andin
Cleaned up and documented the public_key API to make it useful for general use.
2010-08-18Fix bug in ssl handshake protocol related to the choice of cipher suitesPaul Guyot
in client hello message when a client certificate is used The client hello message now always include ALL available cipher suites (or those specified by the ciphers option). Previous implementation would filter them based on the client certificate key usage extension (such filtering only makes sense for the server certificate).
2010-06-29The server now verifies the client certificate verify message correctly, ↵Ingela Anderton Andin
instead of causing a case-clause.
2010-06-08Move dsa ticket to r14a releaseIngela Anderton Andin
(This is the merge of r13 version to r14_dev)
2010-06-07OTP-8587 DSA key supportIngela Anderton Andin
New ssl now support client/server-certificates signed by dsa keys.
2010-04-29OTP-8588 Alert and packet handling improvmentIngela Anderton Andin
Alert handling has been improved to better handle unexpected but valid messages and the implementation is also changed to avoid timing related issues that could cause different error messages depending on network latency. Packet handling was sort of broken but would mostly work as expected when socket was in binary mode. This has now been fixed.
2010-04-15Ignore renegotiation reject until we implemented RFC-5746Ingela Anderton Andin
2010-04-14Improved testsIngela Anderton Andin
2010-04-13OTP-8554 Certificate extensionsIngela Anderton Andin
2010-04-09Removed need of sleep better to synchronize if possible.Ingela Anderton Andin
2010-04-08Fixed commentIngela Anderton Andin
2010-04-07** Empty commit message **Ingela Anderton Andin
2010-03-25OTP-8517 RenegotiationIngela Anderton Andin
New ssl now properly handles ssl renegotiation, and initiates a renegotiation if ssl/ltls-sequence numbers comes close to the max value.